This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

So Long ORDB; So Long 2006

Remember the days, years ago, when we could use just about any mail server we wanted to send legitimate email? That ability was especially helpful in certain instances, particularly when our regular mail server went down or we found ourselves unable to reach our regular mail server while traveling. The ability for anyone to use a given mail server of course meant that the server was an open relay, and the days of open relays are nearly gone, thanks to spammers.

Spammers' abuse of open relays quickly led to a new "best practice" of administrators no longer leaving their mail servers wide open for use by anyone (for the most part anyway). At the same time, people formed groups that began tracking open relays with the intent of providing lists of those servers to others who wanted to use them to help detect potential spam.

One such group, Open Relay Database (ORDB), has been a long-standing resource for administrators in their efforts to eliminate spam. But alas, last week ORDB announced that it's shutting down.

The nonprofit organization--founded 5 1/2 years ago--provided a valuable service to the Internet community by making its database available via several methods, including simple and fast DNS queries.

When ORDB went live in 2001, private individuals and network administrators at companies of all sizes around the world began to use it as one of several methods of gauging whether a message might be spam. The logic of using ORDB was simply that if a message passed through an open relay, then it was likely spam because spammers abuse open relays.

Community support for the integration of ORDB was significant. Integration methods were made available for many popular mail servers including Postfix, Sendmail, qmail, Exim, Lotus Domino, and Microsoft Exchange Server. But although integration support was strong, the operators of ORBD say that they think the usefulness of ORDB has reached its end.

A message posted on the organization's Web site said that "the general consensus within the team is that open relay \[blacklists\] are no longer the most effective way of preventing spam from entering your network as spammers have changed tactics in recent years, as have the anti-spam community." http://ordb.org/news/?id=38

The ORDB mailing lists and the organization's DNS servers--the latter of which provided the means to check whether a mail server was an open relay--were shut down December 18. The ORDB team said that the Web site itself will be taken down as of December 31.

So long, ORDB, and thanks for all your hard work.

While ORDB blacklisted only open relays, other blacklist services continue to provide open relay databases and more. Such services can be used to check for a variety of other conditions about a given email message. For example, many blacklist operators now think that running a mail server on a dynamic IP address is taboo, so some provide databases of dynamic IP addresses in use around the world. The logic behind blacklisting mail servers that use dynamic IP addresses is that bots routinely turn the computers of dial-up users into prolific senders of spam, building behemoth mail server networks for spammers.

Other types of data offered by blacklist providers can include lists of open proxies, Web sites that host vulnerable mailer scripts, servers and networks that are known to be used to send spam, hijacked networks used to send spam, and more.

Quite some time ago, I wrote about the spam problem and mentioned a useful report that shows which blacklists are most effective for Jeff Makey. You can view his frequently updated report at the URL below. Many of the blacklists in Makey's report have proven effective in my own tests, and I think you'll find some of them effective for you too. http://www.sdsc.edu/~jeff/spam/cbc.html

This is the last edition of Security Update for 2006. We've come a long way since the newsletter began in late 1998. We've published more than 400 editions, brought you well over a thousand security-related news stories, pointed you to several hundred feature articles by various authors, and fielded countless email messages from you, our readers. We look forward to bringing you even more in the year ahead. And with that said, I wish you all a happy new year.